SIMULATION OF MULTI-AGENT INFORMATION RESOURCES PROTECTION SYSTEMS
DOI:
https://doi.org/10.31891/2307-5732-2024-337-3-42Keywords:
multi-agent, protection systems, information resourcesAbstract
Traditional centralized information protection systems do not provide an adequate level of adaptability and efficiency in a dynamically changing threat environment. Multi-agent systems, having a distributed architecture and the possibility of autonomous decision-making, represent a promising direction for solving information security problems.
The novelty of the research lies in the development of a multi-agent information protection system with enhanced capabilities for vulnerability analysis and intrusion detection. Unlike existing solutions, the proposed system provides active analysis of threats, reduction of the number of false positives, adaptation to new types of attacks, and minimization of the impact on the target traffic of information flows.
In the proposed formal model and prototype of the agent-oriented attack modeling system (ASMA), distributed coordinated attacks on a computer network are considered as a sequence of joint actions of hacker agents, which are performed from different hosts. Hackers are supposed to coordinate their actions according to some common script. At each step of the attack scenario, they try to implement a specific private subgoal.
The developed agent-oriented attack modeling system (ASMA) allows simulating distributed coordinated attacks on computer networks. It is based on a hierarchy of grammars, each of which is interpreted as a finite automaton. The system takes into account both macro- and micro-levels of attack description, providing detailed simulation of each stage of the attack. The use of KQML for communication between agents and XML for describing the content of messages allows effective coordination of agents' actions and ensures realistic simulation of attacks.
